It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.